Pages

9 May 2016

* Cyber operations come out of the shadows

By Mark Pomerleau

May 05, 2016

https://defensesystems.com/articles/2016/05/05/us-cyber-war-isis.aspx

Cyber operations, which have long been conducted in the background, have been gaining more prominence. With high-profile intrusions into U.S. systems – the Office of Personnel Management and the email system for the Joint Chiefs of Staff, to name a couple – cyber conflict, capability and awareness has been brought to the attention of the public. Director of National Intelligence James Clapper even acknowledged the practicality of the OPM breach, saying that the United States would do the same thing. Despite these apparent setbacks, the United States is also publicly stepping up its cyber game.

Defense Secretary Ashton Carter has tasked Cyber Command to “take on the war against ISIL as essentially the first major combat operation of Cybercom,” he said in front of Congress last week, using another acronym for ISIS. “The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population, interrupt its ability to recruit externally – all of that it does in a cyber-enabled way,” he continued. “We’re talking about cyber operations in Syria and Iraq and my feeling about that was and is very direct, which is we’re bombing them and we’re going to take out their Internet and so forth as well…This is the first big test of Cybercom. I have very high expectations that they can be successful.”

“The overall effect we’re trying to achieve is virtual isolation and this compliments very much our physical actions on the ground. And the particular focus is external operations that might be conducted by ISIL,” Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford told the Senate Armed Services Committee last week.

Cyber operations, many military experts and scholars have said, will likely be used as a tool in conjunction with larger, more conventional military efforts in future conflicts. Russia has used this to great effect, first in Georgia in 2008 and recently in Ukraine, where Russian sympathizers shut down part of the electrical grid. “The 2008 war between Russia and Georgia may represent the first time in history of ‘a coordinated cyberspace…attack synchronized with major combat actions in the other warfighting domains’,” Antonia Chayes, professor at Tufts University, wrote last year in the Harvard National Security Journal. “The cyber attacks on Georgia’s military and government networks, including [distributed denial of service attacks] and website defacements, began three weeks before the physical hostilities and continued throughout the war. Linked to Russia’s ‘patriotic hackers/cyber militias,’ the attacks were timed with the Russian military’s ground, air, and naval combat operations and closely coordinated with the ‘overall strategic objectives of the Russian government’.”

President Barack Obama has even acknowledged that cyber operations against ISIS are taking place, which is a rare occurrence.

“The operations against ISIS in the cyber domain are notable in that they are the first time that the U.S. is openly declaring that it is engaging in this space,” Peter Singer, strategist and senior fellow at the New America Foundation, told Defense Systems via email. “We've been active in the past, but in covert espionage operations, ala Stuxnet. So it’s a big step in the ‘normalization’ of cyber operations, not just to do it, but to openly admit to doing it.”

These tactics line up neatly with the so-called “light footprint” the Obama administration has tried to apply to counterterrorism. Such a policy aims to avoid large-scale deployments of conventional combat troops and/or overthrowing heads of state. “The first thing I'd say about the use of drones is that it is a far more targeted way of taking out terrorist leaders and terrorist networks than invading and occupying a country like Iraq. So there is far less civilian casualties, far less suffering than large-scale military operations like we saw in Iraq,” Deputy National Security Adviser Ben Rhodes said on the Al Jazeera program “Up Front” in September, regarding how the use of drones fits this light footprint model.

“Within just eight years from 2002 to 2010, the Department of Defense’s inventory of UAVs increased 40-fold. Since then, drones have become the weapon of choice in hostile, remote areas throughout the world,” wrote naval officer Andrew Poulin, highlighting how such as capability can go from emergent to pivotal. For example, drone strikes now outnumber strikes from manned aircraft in Afghanistan.

For Cyber Command, which was established in 2009 and will not reach its full operational capability for another 19 months, the assignment from Carter will be a chance to demonstrate its capabilities as part of a larger conflict. In a nod to how important cyber operations could become, members of the House Armed Service Committee passed a draft National Defense Authorization Act for 2017 last week that would elevate Cyber Command to a unified command, something Cyber Command commander Adm. Michael Rogers has told Congress he agrees with.

“In 2016, as I tell our team, you can tell we’re at the tipping point now. The capacity and capability is starting to come online,” Rogers said at the Atlantic Council in January. “We have now been in existence as an organization for a little over five years. The first part of that life was largely spent on starting to generate capacity and capability in the form of the cyber mission force…using that cyber mission force of 6,200 people to generate the spectrum of capabilities from the defensive to the offensive to ensure that our operational commanders and our policy makers and our nation have a wide range of options to apply.”

Despite the acknowledgement of Cyber Command’s first assignment, the U.S. intelligence community – through the nation’s premier signals intelligence agency, the National Security Agency, which Cyber Command is co-located with at Fort Meade and even shares a director – as well as the most elite special operations forces have deployed cyber capabilities in past conflicts, most recently in Iraq.

Iraqi sources “would enter [an] Internet café without arousing suspicion and upload software onto the computers. Sometimes the software was of the keystroke recognition type, at other times it would covertly activate a webcam if the computer had one, allowing the task force to positively identify a target,” Sean Naylor wrote in his book “Relentless Strike: The Secret History of Joint Special Operations Command,” recounting the efforts of U.S. special operators during the Iraq war to combat insurgents. Naylor also documented how special operations forces pioneered operationalizing what became to be known as cyber operations during conflict in Iraq. “In the first years after the September 11 attacks, the ‘program’ became a stand-alone unit. It started as a small yet effective troop, but by 2007 had grown into the Computer Network Operations Squadron—headquartered in Arlington, Virginia, with a troop at Fort Meade and another at the CIA’s Langley headquarters—and reporting straight to the JSOC commander. The military kept CNOS in JSOC ‘because we want it to operating in areas that are not necessarily…where we’re currently at war,’ said a military intelligence officer. ‘We want it to operate around the globe [pursuing] national objectives’.”

Looking ahead, most DOD officials aren’t necessarily viewing the operations against ISIS as a test case in cyber operations or cyber war going forward. Cyber is one of many capabilities in a larger bag to choose from that did not exist years ago, a DOD spokesperson told Defense Systems. As a planning organization, DOD is always looking to make improvements and apply lessons learned, whether saving money or in an operational context, the spokesman said, adding that DOD is using these operations to make improvements to its current capabilities.

“Really, like any operations that we do in the military we’re constantly looking – from a lessons learned, after action reports – so that we learn both the operational lessons and then the tactical lessons,” Maj Gen Burke “Ed” Wilson, commander of the 24th Air Force, told Defense Systems in an interview regarding lessons being learned in the cyber operations against ISIS that could be applied against similar or more advanced adversaries going forward. “So we’re constantly looking at how those lessons can be applied across the board no matter what the adversary or what the threat would be. Unfortunately most of those details in terms of specifics, I’m not at liberty really to get into.”

“I don’t think I would respond to lessons being learned specifically what the Secretary has directed us to do in an operational contingency. I would just say I think it’s significant that all the elements, the power that we have in the military are being asked to respond to a major crisis like we have there. Cyber Command is no different,” Lt. Gen. James McLaughlin, Deputy Commander of Cyber Command, told Defense Systems. “I think there will be – we always learn lessons – so I think there will be some once we’re at the end of an operation. But right now I don’t think I would even say that we’re at the lessons learned phase, we’re at the what’s our role in this and are we doing what we’re supposed to support the commander.”

Depending on the desired effects the military is seeking to exert on ISIS, “It could be some time before anyone can see a measurable effect,” Isaac Porche, senior engineer at the Rand Corp. said. “Cyber operations have a potentially broad set of effects. If the desire is to have an immediate impact on an adversary’s ability to perform tactical [command and control], that is very measurable. I don’t know if that is what [the U.S. military] are trying to do.”

Non-state groups, to this point, have not demonstrated any destructive capabilities in cyberspace, such as Russia or China. Rogers has told lawmakers that Russia – and to some measure China – has the capability to inflict serious harm on U.S. infrastructure. Furthermore, non-state groups such as ISIS do not operate advanced infrastructure systems, meaning the current military cyber efforts against the group might not exactly parallel those of a more traditional and capable adversary.

The United States’ anti-ISIS cyber operations are “still not the kind of activity that you would see in an all our war or against a more advanced adversary. There's no ISIS integrated air defense to target via cyber means or physical damage to cause via targeting ISIS-owned SCADA systems inside their base facilities or warship engine rooms,” Singer, of New America, said. “So think of this as the opening, but not the final view of where this is all headed. It’s akin to the early uses of airplanes in colonial operations just before World War I. And just like with that, the users won't just be the great powers, but the some 100 nations that have already created some kind of cybersecurity organizations.”

The combination of both cyber capabilities and a formalized force will doubtless provide commanders and future leaders more options to exercise desired goals. “You should feel assured that we are, in each phase of consideration, learning a lot and progressing down the road,” commander of the 10th Fleet and Fleet Cyber Command Vice Adm. Jan Tighe told Defense Systems regarding the ISIS cyber operations.